-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2988/#review3627
-----------------------------------------------------------
Ship it!

Seems ok to me...

/trunk/qpid/cpp/src/qpid/broker/ConnectionState.h
<https://reviews.apache.org/r/2988/#comment8091>

The last sentence in this comment isn't entirely true... it will only compare the id against the username if the userid of the connection was in the default domain. Not a big issue, I just got confused when first reading this.

/trunk/qpid/cpp/src/qpid/broker/ConnectionState.h
<https://reviews.apache.org/r/2988/#comment8092>

Does isDefaultRealm get initialised anywhere?

- Gordon

On 2011-12-01 21:09:19, Alan Conway wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/2988/
> -----------------------------------------------------------
>
> (Updated 2011-12-01 21:09:19)
>
>
> Review request for qpid, Gordon Sim and Ted Ross.
>
>
> Summary
> -------
>
> QPID-3652: Fix cluster authentication.
>
> Only allow brokers that authenticate as the cluster-username to join a
> cluster.
>
> New broker first connects to a cluster broker, authenticates as the
> cluster-username and sends its CPG member ID to the
> qpid.cluster-credentials exchange.
> The cluster broker that subsequently acts as updater verifies that the
> credentials are valid before connecting to give the update.
>
> NOTE: If you are using an ACL, the cluster-username must be allowed to
> publish to the qpid.cluster-credentials exchange. E.g. in your ACL file:
>
> acl allow foo@QPID publish exchange name=qpid.cluster-credentials
>
>
> This addresses bug QPID-3652.
> https://issues.apache.org/jira/browse/QPID-3652
>
>
> Diffs
> -----
>
> /trunk/qpid/cpp/rubygen/amqpgen.rb 1209052
> /trunk/qpid/cpp/src/Makefile.am 1209052
> /trunk/qpid/cpp/src/cluster.mk 1209052
> /trunk/qpid/cpp/src/qpid/UrlArray.h PRE-CREATION
> /trunk/qpid/cpp/src/qpid/UrlArray.cpp PRE-CREATION
> /trunk/qpid/cpp/src/qpid/broker/ConnectionState.h 1209052
> /trunk/qpid/cpp/src/qpid/broker/SemanticState.h 1209052
> /trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp 1209052
> /trunk/qpid/cpp/src/qpid/client/FailoverListener.cpp 1209052
> /trunk/qpid/cpp/src/qpid/cluster/Cluster.h 1209052
> /trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp 1209052
> /trunk/qpid/cpp/src/qpid/cluster/CredentialsExchange.h PRE-CREATION
> /trunk/qpid/cpp/src/qpid/cluster/CredentialsExchange.cpp PRE-CREATION
> /trunk/qpid/cpp/src/qpid/cluster/FailoverExchange.cpp 1209052
> /trunk/qpid/cpp/src/qpid/cluster/InitialStatusMap.h 1209052
> /trunk/qpid/cpp/src/qpid/cluster/InitialStatusMap.cpp 1209052
> /trunk/qpid/cpp/src/tests/InitialStatusMap.cpp 1209052
> /trunk/qpid/cpp/src/tests/brokertest.py 1209052
> /trunk/qpid/cpp/src/tests/cluster_authentication_soak.cpp 1209052
> /trunk/qpid/cpp/src/tests/cluster_tests.py 1209052
> /trunk/qpid/cpp/xml/cluster.xml 1209052
>
> Diff: https://reviews.apache.org/r/2988/diff
>
>
> Testing
> -------
>
> 3 new tests in cluster_tests.py, tested by hand with ANONYMOUS, PLAIN and
> DIGEST-MD5 mechanisms.
>
>
> Thanks,
>
> Alan
>
>
